garygreen captchas on there own yes, the bots can get around them but security questions, no. I would have to disagree. You need to rotate security questions.
On my SMF forum I would change the security questions once every 2x months and I had no problems. It was the combination of security questions and captchas that worked for me.
So much so I unbanned China and Russia.
Just to give you an example of the security questions I would set:
"Name the author of the article named xyz published on the url xyz"
Now if u combine that with 6 odd rotating security questions or pair 2x security questions... bots aren't gonna get past that .
I don't agree with shadow banning bot accounts. I simple don't want fake accounts on my forum period.